Merge branch 'main' into patch-71

Author: AbdullahBell

.openpublishing.publish.config.json

@@ -997,7 +997,13 @@
       "url": "https://github.com/MicrosoftGraph/microsoft-graph-docs",
       "branch": "main",
       "branch_mapping": {}
-    }
+    },
+    {
+      "path_to_root": "azure-actions-workflow-samples",
+      "url": "https://github.com/Azure/actions-workflow-samples",
+      "branch": "main",
+      "branch_mapping": {}
+    }  
   ],
   "branch_target_mapping": {
     "live": ["Publish", "PDF"],

.openpublishing.redirection.json

@@ -22758,6 +22758,26 @@
             "source_path_from_root": "/articles/azure-functions/functions-create-function-linux-custom-image.md",
             "redirect_url": "/azure/azure-functions/functions-how-to-custom-container",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/windows-firewall-events-via-ama.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/cisco-meraki.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/cisco-asa-ftd-via-ama.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/threat-intelligence-upload-indicators-api.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/faq.yml

@@ -8,7 +8,7 @@ metadata:
   ms.service: active-directory
   ms.workload: identity
   ms.topic: faq
-  ms.date: 03/15/2023
+  ms.date: 05/23/2023
   ms.author: godonnell
   ms.subservice: B2C
   ms.custom: "b2c-support"
@@ -17,6 +17,20 @@ summary: This page answers frequently asked questions about the Azure Active Dir
 
 
 sections:
+  - name: Microsoft Entra External ID preview
+    questions:
+      - question: |
+          What is Microsoft Entra External ID?
+        answer: |
+          We announced early preview of our next generation Microsoft Entra External ID solution. This early preview represents an evolutionary step in unifying secure and engaging experiences across all external identities including partners, customers, citizens, patients, and others within a single, integrated platform. For more information about the preview, see [What is Microsoft Entra External ID for customers?](../active-directory/external-identities/customers/overview-customers-ciam.md). 
+      - question: |
+          How does this preview affect me?
+        answer: |
+          No action is required on your part at this time. The next generation platform is currently in early preview only. We remain fully committed to support of your current Azure AD B2C solution. There are no requirements for Azure AD B2C customers to migrate at this time and no plans to discontinue the current Azure AD B2C service. As the next generation platform approaches GA, details will be made available to all our valued B2C customers on available options including migration to the new platform.
+      - question: |
+          How do I participate in the preview?
+        answer: |
+          As the next generation platform represents our future for customer identity and access management (CIAM), we welcome and encourage your participation and feedback during early preview. If you're interested in joining the early preview, contact your sales team for details. 
   - name: General
     questions:
       - question: |
@@ -164,7 +178,7 @@ sections:
           If the TOTP authenticator app codes aren't working with your Android or iPhone mobile phone or device, your device's clock time might be incorrect. In your device's settings, select the option to use the network-provided time or to set the time automatically.
           
       - question: |
-          How do I know that the Go-Local add-on available in my country/region? 
+          How do I know that the Go-Local add-on is available in my country/region? 
         answer: |
           While [creating your Azure AD B2C tenant](tutorial-create-tenant.md), if the Go-Local add-on is available in your country, you're asked to enable it if you need it. 
       

articles/active-directory/develop/tutorial-v2-android.md

@@ -35,7 +35,6 @@ In this tutorial:
 
 - [Android Studio](https://developer.android.com/studio)
 - [Android documentation on generating a key](https://developer.android.com/studio/publish/app-signing#generate-key)
-- [Layout resource](https://developer.android.com/guide/topics/resources/layout-resource)
 
 ## How this tutorial works
 

articles/active-directory/devices/azuread-join-sso.md

@@ -42,6 +42,8 @@ Azure AD Connect or Azure AD Connect cloud sync synchronize your on-premises ide
 > Additional configuration is required when passwordless authentication to Azure AD joined devices is used.
 >
 > For FIDO2 security key based passwordless authentication and Windows Hello for Business Hybrid Cloud Trust, see [Enable passwordless security key sign-in to on-premises resources with Azure Active Directory](../authentication/howto-authentication-passwordless-security-key-on-premises.md).
+>
+> For Windows Hello for Business Cloud Kerberos Trust, see [Configure and provision Windows Hello for Business - cloud Kerberos trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision).
 > 
 > For Windows Hello for Business Hybrid Key Trust, see [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base).
 > 

articles/active-directory/external-identities/customers/azure-rest-api-operations-tenant-management.md

@@ -0,0 +1,32 @@
+---
+title: Tenant management with Azure REST API
+description: Learn how to manage your Azure AD for customers tenant by calling the Azure REST API.
+services: active-directory
+author: garrodonnell
+manager: celested
+ms.author: godonnell
+ms.service: active-directory
+ms.workload: identity
+ms.subservice: ciam
+ms.topic: how-to
+ms.date: 05/23/2023
+ms.custom: developer
+
+#Customer intent: As a dev, devops, I want to learn how to use the Azure REST API to manage my Azure AD for customers tenant.
+---
+
+# Manage Azure Active Directory for customers tenant with Azure REST API
+You can manage your Azure Active Directory for your tenant using the Azure REST API. The management of resources related to tenant management supports the following API operations. Each link in the following sections targets the corresponding page within the Microsoft Graph API reference for that operation.
+
+## Tenant Management operations
+
+You can perform tenant management operations with your Azure Active Directory for customers tenant with the following operations:
+
+- [Create or Update](/rest/api/azurestack/directory-tenants/create-or-update)
+- [Delete](/rest/api/azurestack/directory-tenants/delete)
+- [Get](/rest/api/azurestack/directory-tenants/get)
+- [List](/rest/api/azurestack/directory-tenants/list)
+
+## Next steps
+
+- To learn more about programmatic management, see [Microsoft Graph overview](/graph/overview). 

articles/active-directory/external-identities/customers/faq-customers.md

@@ -0,0 +1,72 @@
+---
+title: Frequently asked questions
+description: Find answers to some of the most frequently asked questions about Microsoft Entra External ID for customers, also known as Azure Active Directory (Azure AD) for customers. 
+services: active-directory
+author: msmimart
+manager: celestedg
+ms.service: active-directory
+ms.workload: identity
+ms.subservice: ciam
+ms.topic: reference
+ms.date: 05/23/2023
+ms.author: mimart
+ms.custom: it-pro
+---
+
+# Microsoft Entra External ID for customers frequently asked questions
+
+This article answers frequently asked questions about Microsoft Entra External ID for customers, also known as Azure Active Directory (Azure AD) for customers. This document offers guidance to help customers better understand Microsoft’s current external identities capabilities and the journey for our next generation platform (Microsoft Entra External ID).
+
+This FAQ references customer identity and access management (CIAM). CIAM is an industry recognized category that covers solutions that manage identity, authentication, and authorization for external identity use cases (partners, customers, and citizens). Common functionality includes self-service capabilities, adaptive access, single sign-on (SSO), and bring your own identity (BYOI).
+
+## Frequently asked questions
+
+### What is Microsoft Entra External ID?
+
+Microsoft Entra External ID is our next generation CIAM platform that represents an evolutionary step in unifying secure and engaging experiences across all external identities including customers, partners, citizens, and others, within a single, integrated platform.
+
+### Is Microsoft Entra External ID a new name for Azure AD B2C?
+
+No, this isn't a new name for Azure AD B2C. Microsoft Entra External ID builds on the success of our existing Azure AD B2C technologies but represents our future for CIAM. The new platform serves as the foundation for rapid innovation, features, and capabilities that address use cases across all external users.  
+
+### What is the release date for Microsoft Entra External ID?  
+
+Microsoft Entra External ID (for customers) entered preview at Microsoft Build 2023. The existing B2B collaboration feature remains unchanged.
+
+### What is the pricing for Microsoft Entra External ID?
+
+Microsoft Entra External ID (for customers) is in preview, so no pricing details are available at this time. The pricing for existing B2B collaboration features is unchanged.
+
+### How does Microsoft Entra External ID affect B2B collaboration?
+
+There are no changes to the existing B2B collaboration features or related pricing. Upon general availability, Microsoft Entra External ID will address use cases across all external user identities, including partners, customers, citizens, and others.
+
+### How long will you support the current Azure AD B2C platform?
+
+We remain fully committed to support of the current Azure AD B2C product. The SLA remains unchanged, and we’ll continue investments in the product to ensure security, availability, and reliability. For existing Azure AD B2C customers that have an interest in moving to the next generation platform, more details will be made available after general availability.
+
+### I have many investments tied up in Azure AD B2C, both in code artifacts and CI/CD pipelines. Do I need to plan for a migration or some other effort?
+
+We recognize the large investments in building and managing custom policies. We’ve listened to many customers who, like you, have shared that custom policies are too hard to build and manage. Our next generation platform will resolve the need for intricate custom policies. In addition to many other platform and feature improvements, you’ll have equivalent functionality in the new platform but a much easier way to build and manage it. We expect to share migration options closer to general availability of the next generation platform.  
+
+### I’ve heard I can preview the Microsoft Entra External ID platform. Where can I learn more?
+
+You can learn more about the preview and the features we're delivering on the new platform by visiting the Microsoft Entra External ID for customers [developer center](https://aka.ms/ciam/dev).
+
+### As a new customer, which solution is a better fit, Azure AD B2C or Microsoft Entra External ID (preview)?
+
+Opt for the current Azure AD B2C product if:
+
+- You have an immediate need to deploy a production ready build for customer-facing apps.
+  
+   > [!NOTE]
+   > Keep in mind that the next generation Microsoft Entra External ID platform represents the future of CIAM for Microsoft, and rapid innovation, new features and capabilities will be focused on this platform. By choosing the next generation platform from the start, you will receive the benefits of rapid innovation and a future-proof architecture.
+
+Opt for the next generation Microsoft Entra External ID platform if:
+
+- You’re starting fresh building identities into apps or you're in the early stages of product discovery.
+- The benefits of rapid innovation, new features and capabilities are a priority.
+
+## Next steps
+
+[Learn more about Microsoft Entra External ID for customers](index.yml)

articles/active-directory/external-identities/customers/how-to-management-apis-overview.md

@@ -0,0 +1,119 @@
+---
+title: Management APIs for Azure Active Directory for customers 
+description: Learn how to manage resources in an Azure AD for customers tenant programmatically by using APIs.
+services: active-directory
+author: garrodonnell
+manager: celested
+ms.author: godonnell
+ms.service: active-directory
+ms.workload: identity
+ms.subservice: ciam
+ms.topic: how-to
+ms.date: 05/23/2023
+ms.custom: developer
+
+#Customer intent: As a dev, devops, I want to learn how to programmatically manage my Azure Active Directory for customers tenant using APIs.
+---
+# Management APIs for Azure Active Directory for customers 
+
+Using APIs allows you to programmatically manage resources in your Azure Active Directory (AD) for customers directory. Depending on the resource you want to manage, you can use the Microsoft Graph API or the Azure REST API. Both APIs are supported for the management of resources related to Azure AD for customers. Each link in the following sections targets the corresponding page within the relevant reference for that operation. You can use this article to determine which API to use for the resource you want to manage.
+
+## Azure REST API
+Using the Azure REST API, you can manage your Azure AD for customers tenant. The following Azure REST API operations are supported for the management of resources related to Azure AD for customers.
+
+* [Tenant Management operations](azure-rest-api-operations-tenant-management.md)
+
+## Microsoft Graph API
+
+Querying and managing resources in your Azure AD for customers directory is done through the Microsoft Graph API. The following Microsoft Graph API operations are supported for the management of resources related to Azure AD for customers. 
+
+* [User flows operations](microsoft-graph-operations-user-flow.md)
+
+* [Company branding operations](microsoft-graph-operations-branding.md)
+
+* [Custom extensions](microsoft-graph-operations-custom-extensions.md)
+
+### Register a Microsoft Graph API application
+
+In order to use the Microsoft Graph API, you need to register an application in your Azure AD for customers tenant. This application will be used to authenticate and authorize your application to call the Microsoft Graph API.
+
+During registration, you'll specify a **Redirect URI** which redirects the user after authentication with Azure Active Directory. The app registration process also generates a unique identifier known as an **Application (client) ID**. 
+
+The following steps show you how to register your app in the Microsoft Entra admin center:
+
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/).
+
+1. If you have access to multiple tenants, make sure you use the directory that contains your Azure AD for customers tenant:
+
+    1. Select the **Directories + subscriptions** icon in the portal toolbar. 
+
+    1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD for customers directory in the **Directory name** list, and then select **Switch**.
+
+1. On the sidebar menu, select **Azure Active Directory**.
+
+1. Select **Applications**, then select **App Registrations**.
+
+1. Select **+ New registration**.
+
+1. In the **Register an application page** that appears, enter your application's registration information:
+
+    1. In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example *ciam-client-app*.
+
+    1. Under **Supported account types**, select **Accounts in this organizational directory only**.
+
+1. Select **Register**.
+
+1. The application's **Overview pane** is displayed when registration is complete. Record the **Directory (tenant) ID** and the **Application (client) ID** to be used in your application source code.
+
+### Grant API Access to your application
+
+For your application to access data in Microsoft Graph API, grant the registered application the relevant application permissions. The effective permissions of your application are the full level of privileges implied by the permission. For example, to create, read, update, and delete every user in your Azure AD for customers tenant, add the User.ReadWrite.All permission.
+
+1. Under **Manage**, select **API permissions**.
+
+1. Under **Configured permissions**, select **Add a permission**.
+
+1. Select the **Microsoft APIs** tab, then select **Microsoft Graph**.
+
+1. Select **Application permissions**.
+
+1. Expand the appropriate permission group and select the check box of the permission to grant to your management application. For example:
+
+    * **User** > **User.ReadWrite.All**: For user migration or user management scenarios.
+
+    * **Group** > **Group.ReadWrite.All**: For creating groups, read and update group memberships, and delete groups.
+
+    * **AuditLog** > **AuditLog.Read.All**: For reading the directory's audit logs.
+
+    * **Policy** > **Policy.ReadWrite.TrustFramework**: For continuous integration/continuous delivery (CI/CD) scenarios. For example, custom policy deployment with Azure Pipelines.
+
+1. Select **Add permissions**. As directed, wait a few minutes before proceeding to the next step.
+
+1. Select **Grant admin consent for (your tenant name)**.
+
+1. If you are not currently signed-in with Global Administrator account, sign in with an account in your Azure AD for customers tenant that's been assigned at least the *Cloud application administrator* role and then select **Grant admin consent for (your tenant name)**.
+
+1. Select **Refresh**, and then verify that "Granted for ..." appears under **Status**. It might take a few minutes for the permissions to propagate.
+
+After you have registered your application, you need to add a client secret to your application. This client secret will be used to authenticate your application to call the Microsoft Graph API.
+
+The application uses the client secret to prove its identity when it requests for tokens.
+
+1. From the **App registrations** page, select the application that you created (such as *ciam-client-app*) to open its **Overview** page.
+
+1. Under **Manage**, select **Certificates & secrets**.
+
+1. Select **New client secret**.
+
+1. In the **Description** box, enter a description for the client secret (for example, `ciam app client secret`).
+
+1. Under **Expires**, select a duration for which the secret is valid (per your organizations security rules), and then select **Add**.
+
+1. Record the secret's **Value**. You'll use this value for configuration in a later step.
+
+> [!NOTE] 
+> The secret value won't be displayed again, and is not retrievable by any means, after you navigate away from the certificates and secrets page, so make sure you record it. <br> For enhanced security, consider using **certificates** instead of client secrets.
+## Next steps
+
+- To learn more about the Microsoft Graph API, see [Microsoft Graph overview](/graph/overview). 
+  

articles/active-directory/external-identities/customers/index.yml

@@ -22,6 +22,8 @@ landingContent:
         links:
           - text: About Azure AD for customers
             url: overview-customers-ciam.md 
+          - text: Frequently asked questions
+            url: faq-customers.md 
       - linkListType: concept
         links:
           - text: Planning for customer identity and access management